Credit Card Safety


#1

How do I know when I order soylent that my credit card info will be safe?


#2

I think they’re still going through Crowdhoster, so you couldread over the Crowdhoster Privacy Policy if you’re concerned. Once they launch their own storefront… well, it would be pretty much like buying anything else online. You read over the legalese if you want to, decide if you trust them, and if there’s a GoogleWallet/Paypal/AmazonPay/etc option, go for that because it’s quicker/easier/safer/etc.


#3

According to Backerkit:

We have your credit card on file, stored securely by Stripe


#4

Some Banks are emitting anonymous Mastercards

Such a Card carries the name of the emitting Bank ( and NOT your own real life name )

Such an anonymous Card does NOT carry your own personal bank accounts numbers

It is completeley LEGAL : one can use it for online buys and also in your local shops

ONLY the emitting Bank , knows the true identity of the holder and caretaker of the Card

Such a Card does not give credit , one has to “upload” it with enough money ( via your personal bank account or other means ) , and as a consequence you can upload it with as little money as possible

If there is not enough money on the Card for your buy , the transaction will fail

Also if sometings happens with such a Card , the compromised card can never go under zero money , you will loose ( only ) the uploaded money

A normal Creditcard ( carrying your own real life name and carrying your own bank account numbers ) is much more dangerous when it is compromised . Such Cards DO GIVE CREDIT , and can go under zero amount of money . So , for example one could loose 1.000 dollar / euro in credit

Not sure if such anonymous Cards are available in every country .


#5

Just found this very good read about Credit Card Safety

http://business.time.com/2014/01/18/your-debit-card-is-much-more-dangerous-than-you-think/

Link = business.time.com/2014/01/18/your-debit-card-is-much-more-dangerous-than-you-think/

Europe uses since long a Card with an embedded Chip

To validate a transaction / payment a 4-digit PIN code number ( Personal Identification Number ) is neccesary

I understood that US still uses the very unsafe magnetic strip on these Cards and still has the old-fashioned hand-signed paper transactions

Canada uses the Chip /PIN Cards

I guess most European countries have Chip / PIN cards ( but not all countries )

Very unsafe is that European Chip / PIN cards still carry as extra these magnetic strips !!! The magnetic strips are still needed for those European countries that are lagging behind with introducing the newer safer Chip / PIN technology

The financial and personal data stored on the magnetic strips on Cards are very easy to copy , and hence prone to fraudulent use . It happens sometimes that these data on the magnetic strips are destroyed by the presence of some magnetism ( e.g. magnetic locks , magnets , … )

It would be safer if the cards did not have these magnetic strips anymore , and had only embedded chips .

More reading on http://robertsiciliano.com/blog/2014/01/20/older-technologies-facilitate-credit-card-fraud/

There is also some controversy that a 4-digit PIN is enough . Security would be much improved , when the PIN would be 5-digit . But the banks are very reluctant to introduce the more safe 5-digit PIN . Banks have already enough trouble and costs with their customers forgetting their 4-digit PIN , so a 5-digit PIN , that is just asking for trouble !!!


#6

There are a lot of interesting comments coming in , on the above article on the safety of credit cards .

Here is a reply explaining the situation in Canada :

We’ve been using chip & pin cards here in Canada since 2008. I can’t remember the last time I signed a receipt! Well, yes I do, it was in the US! They still get compromised with online hackers, but we get notified via phone and they automatically send us a new card, usually before anything has happened. I think they are being overcautious when they do this - they do it even if there’s a chance that it may have been compromised<

Here is a reply , explaining the vulnerability of the magnetic strips :

I now have chip & PIN World MasterCard, which is a good thing - but to enable use in most of US, the thing has a mag strip, too, which makes it vulnerable here. It will be nice when we finally catch up with the rest of the world.

This is a very very good detailed technical reply on some un-safety issues of Chip / PIN cards ( for all the given links see the original reply )

A problem with this article is that it assumes that the EMV system used in Europe is secure. Security Researches have shown at large Security / Hacking events, that the newer system is still plagued with problems and how to bypass the security measures that have been put in place.

It seems that in the US there is the possibilty for a so-called anonymous Card , that you have to “upload” with enough money

The best way to use a debit card is to get one from Walmart. A Walmart money card. I use it for all my online puchases and I only load the amount of money on it I’m going to spend. It has a near zero balance otherwise. And it leaves your bank account alone.


#7

Here is a very good read that I found on the use of anonymous Cards , especially for the US :

http://www.theprivacyguy.com/2007/03/30/anonymous-prepaid-credit-cards/
link = theprivacyguy.com/2007/03/30/anonymous-prepaid-credit-cards/

http://www.theprivacyguy.com/anonymous-credit-debit-cards/
link = theprivacyguy.com/anonymous-credit-debit-cards/

http://www.theprivacyguy.com/2007/12/30/anonymous-prepaid-credit-card-options/
link = theprivacyguy.com/2007/12/30/anonymous-prepaid-credit-card-options/

http://www.theprivacyguy.com/2007/04/02/anonymous-prepaid-credit-cards-update/ ( 2.070 replies )
link = theprivacyguy.com/2007/04/02/anonymous-prepaid-credit-cards-update/

Gee … why a new window is created , and sometimes not , is a mystery for me !


#8

All those links seem very interesting - but correct me if I’m wrong, if I understood correctly the OP didn’t want to know about the general safety of credit cards in everyday use (magnetic strip, chips, PIN, etc.), but specifically if the ordering page was secure and if Soylent was serious about processing payments. The given links to Crowdhoster and Stripe privacy policies seem to answer the question.


#9

@ disquiet ( your very first comment on the Soylent forum for me )

That is what the OP exactly asked

The online payment and the payment processus by Soylent will probably be safe ( if done on https pages , etc )

But the WEAK POINT comes when you use a normal credit/debet Card ( = carrying your real life name AND your actual banknumbers , AND with the possibility of getting credit ) , you are in fact scattering your true ID and bank numbers ALL over the world with several companies ( small or big )

The very serious problems will come when the ID & financial data , that are being kept by a particular company are being hacked and STOLEN by criminals . Then you are in very serious trouble , because your data can be misused by cyber criminals .

A 100 % safety is never possible on the internet

Users of online-banking are generally more conscious of the risks they take when performing online transactions than with any other online service. This isn’t surprising, because if the wrong person gets their hands on your login details or in the worst case your TAN numbers as well, they can easily empty your account from anywhere in the world. Nevertheless, far too many users still bank online with little care, resulting in billions in damages every year.

Newsletter from an Internet Protection Company = http://www.emsisoft.com/en/kb/articles/tec121213/

Found this question on the forum of Microsoft ( a very good read )

is it safe for me to use my credit card online when connected to an unsecure public network ?

http://answers.microsoft.com/en-us/windows/forum/windows_7-security/is-it-safe-for-me-to-use-my-credit-card-online/56c48a8d-5f8b-4172-a5a3-5e731e5850ba

And that is where an anonymous card for online transactions is MUCH safer ( does NOT carry your real life name , does NOT carry your actual bank numbers , does NOT go under zero money value )

The PIN and Chip technology is related to safety , but is not 100% safe :

Target Breach: Why Smartcards Won’t Stop Hackers

“Chip and PIN” smartcard adoption in the United States is long overdue. But the security improvement wouldn’t have stopped Target’s BlackPOS malware attackers

Read more on

http://www.informationweek.com/security/attacks-and-breaches/target-breach-why-smartcards-wont-stop-hackers-/d/d-id/1113565?

As a related sidenote , just in the news today

Hackers access 16 million email accounts

Millions of Germans have had their passwords and usernames for websites stolen, the country’s Federal Office for Online Security (BSI) revealed on Tuesday.

http://www.thelocal.de/20140121/agency-warns-of-16-million-email-accounts-hacked-bsi-germany

More reading about these stolen email-data :

Germany Warns That Criminals Have Stolen 16 Million Email Credentials

And here is more , this time on stolen data from Credit Cards users :

This is what happened recently with three credit card firms in South Korea, where the financial and personal data belonging to users of at least 20 million, in a country of 50 million, was stolen by an employee, who worked as a temporary consultant at Korean Credit Bureau (KCB).

And another story :

1.1 Million Cards Compromised in Neiman Marcus Hack

Neiman first became aware of the problem in mid-December when it was informed by its merchant processor “of potentially unauthorized payment card activity that occurred following customer purchases at our stores.” The store hired a forensic investigator, who on Jan. 1 found evidence of a criminal cyber-security intrusion, and that investigation continues.


#10

This was already very clear to me, I am very aware of hacking, of the risks of companies keeping sensitive data, and of the security breaches around the world since I keep myself very much informed. And in any case, the Stripe privacy policy that you surely have read is pretty clear on that. But that wasn’t my point.

The Chip and PIN sure improves security and magnetic stripes are the root of all evil - ok, we got that.
How does improving security on this level relates to the purchase of Soylent though? Unless the website provides a hardware card reader and that I share it (something that hasn’t happened to me in 15+ years of online purchases… yet!), I fail to understand how it’s related and how I’m exposed to more or less risk.

Re anonymous cards and the rest, how much paraphrasing is needed?


#11

@ disquiet

Paraphrasing = " something which repeats something else in different words "

Done .